CN108173659A - Certificate management method, system and terminal device based on a UKEY device

Publication number: CN108173659A
Authority: CN (China)
Prior art keywords: certificate; information; digital certificate; digital; UKEY device
Legal status: Granted
Application number: CN201711364824.7A
Other languages: Chinese (zh)
Other versions: CN108173659B (en)
Inventor: 郭强
Current Assignee: Hebei Huawo Communication Technology Co Ltd
Original Assignee: Hebei Huawo Communication Technology Co Ltd
Application filed by Hebei Huawo Communication Technology Co Ltd
Priority to CN201711364824.7A
Publication of CN108173659A
Application granted
Publication of CN108173659B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention applies to the field of digital certificate technology and provides a certificate management method, system and terminal device based on a UKEY device. The method includes: obtaining certificate request information and a signature algorithm; sending the certificate request information and the signature algorithm to a local digital certificate authentication system; obtaining the first digital certificate issued by the digital certificate authentication system and saving the first digital certificate to a certificate database; obtaining key generation information, generating a key, and saving the key to the certificate database; and extracting the first digital certificate and the key from the certificate database and importing them into the UKEY device. The embodiments of the present invention integrate certificate generation, issuance and management and UKEY device management in a single certificate management system, with no third-party software required. This improves the security of certificate information, integrates the certificate management system with the UKEY device, and makes the certificate management system more compact and easier to operate, improving the user experience.

Description

Certificate management method, system and terminal device based on a UKEY device
Technical field
The present invention belongs to the field of digital certificate technology, and in particular relates to a certificate management method, system and terminal device based on a UKEY device.
Background
In e-commerce systems, a digital certificate is an identity credential issued to a user. Using a digital certificate, uniqueness of file encryption can be achieved, and digital certificates are very widely used. At present, generating a digital certificate requires going online and having the applicant's identity verified by an identity audit system on the Internet. After the digital certificate is issued, a digital certificate file is exported and then imported into a UKEY device. Because data may leak during the networking process and during import and export of the digital certificate file, user identity information may be stolen, which is a security risk.
In summary, the prior art has the problem that data may leak during the networking process and during import and export of the digital certificate file, so that user identity information is stolen and a security risk exists.
Summary of the invention
In view of this, embodiments of the present invention provide a certificate management method, system and terminal device based on a UKEY device, to solve the prior-art problem that user identity information is stolen during the networking process of the certificate management system and during import and export of digital certificate files, which creates a security risk.
A first aspect of the embodiments of the present invention provides a certificate management method based on a UKEY device, including:
obtaining certificate request information and the signature algorithm selected by the user;
sending the certificate request information and the signature algorithm to a local digital certificate authentication system;
obtaining the first digital certificate issued by the digital certificate authentication system, where the first digital certificate is issued by the digital certificate authentication system after it has audited the certificate request information, and the first digital certificate includes the certificate request information and the signature algorithm;
saving the first digital certificate to a certificate database;
obtaining key generation information, generating a key, and saving the key to the certificate database;
extracting the first digital certificate and the key from the certificate database and importing them into the UKEY device.
A second aspect of the embodiments of the present invention provides a certificate management system based on a UKEY device, including:
an information obtaining module, configured to obtain certificate request information and the signature algorithm selected by the user;
an information sending module, configured to send the certificate request information and the signature algorithm to a local digital certificate authentication system;
a digital certificate obtaining module, configured to obtain the first digital certificate issued by the digital certificate authentication system, where the first digital certificate is issued by the digital certificate authentication system after it has audited the certificate request information, and the first digital certificate includes the certificate request information and the signature algorithm;
a certificate saving module, configured to save the first digital certificate to a certificate database;
a key generation module, configured to obtain key generation information, generate a key, and save the key to the certificate database;
a certificate information import module, configured to extract the first digital certificate and the key from the certificate database and import them into the UKEY device.
A third aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the certificate management method described above when executing the computer program.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program, where the computer program implements the steps of the certificate management method described above when executed by a processor.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects. Certificate request information and a signature algorithm are obtained and sent to a local digital certificate authentication system. The first digital certificate issued by the digital certificate authentication system is obtained; the first digital certificate is issued after the digital certificate authentication system has audited the certificate request information, and includes the certificate request information and the signature algorithm. The first digital certificate is saved to a certificate database. Key generation information is obtained, a key is generated, and the key is saved to the certificate database. The first digital certificate and the key are extracted from the certificate database and imported into the UKEY device. The embodiments of the present invention integrate certificate generation, issuance and management and UKEY device management in a single certificate management system, and the generated digital certificate and key can be imported directly into the UKEY device with no third-party software required. This improves the security of certificate information, integrates the certificate management system with the UKEY device, and makes the certificate management system more compact and easier to operate, improving the user experience.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the certificate management method based on a UKEY device provided by an embodiment of the present invention;
Fig. 2 is a detailed flow diagram of the method of step S106 in Fig. 1 provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of the certificate management system based on a UKEY device provided by an embodiment of the present invention;
Fig. 4 is an example structural diagram of the certificate information import module in Fig. 3 provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the terminal device provided by an embodiment of the present invention.
Detailed description
In the following description, specific details such as particular system structures and techniques are set out for the purpose of illustration rather than limitation, so that the embodiments of the present invention can be understood thoroughly. However, it will be clear to a person skilled in the art that the present invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
The term "include" and any variations of it in the description, the claims and the above drawings are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that includes a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device. In addition, the terms "first", "second" and "third" are used to distinguish different objects, not to describe a particular order.
To illustrate the technical solutions of the present invention, specific embodiments are described below.
Embodiment 1:
Fig. 1 shows the flow of a certificate management method based on a UKEY device provided by one embodiment of the present invention. The process is detailed as follows:
In step S101, certificate request information and the signature algorithm selected by the user are obtained.
This embodiment is applied to a certificate management system based on a UKEY device.
In this embodiment, the certificate management system includes a certificate database. When the certificate management system is used for the first time, the certificate database must be created.
In this embodiment, the certificate management system has a certificate application function. Certificate request information is obtained first. The certificate request information includes distinguished name information, which comprises the user's country, province, city, organization, unit, personal name and mailbox information. The certificate request information also includes the number of bits of the public key. After the certificate request information is obtained, it is saved to the certificate database and recorded as not yet audited.
In this embodiment, a signature algorithm must also be obtained. The signature algorithm is the algorithm used for the digital signature. A digital signature is a string of digits that only the sender of the information can generate and that others cannot forge; this string is also valid proof of the authenticity of the information the sender has sent. A digital signature processes the information to be transmitted through a one-way function to produce an alphanumeric string that authenticates the source of the information and verifies whether the information changed in transit. The three most widely used signature algorithms at present are Rabin signatures, DSS (Digital Signature Standard) signatures and RSA signatures. This embodiment mainly uses the RSA signature algorithm.
In step S102, the certificate request information and the signature algorithm are sent to the local CA digital certificate authentication system.
In this embodiment, the certificate management system includes a local CA digital certificate authentication system. Once the certificate request information and the signature algorithm have been obtained, they are sent to the CA digital certificate authentication system.
In step S103, the first digital certificate issued by the digital certificate authentication system is obtained. The first digital certificate is issued after the digital certificate authentication system has audited the certificate request information, and includes the certificate request information and the signature algorithm.
In this embodiment, after receiving the certificate request information and the signature algorithm, the digital certificate authentication system audits the certificate request information.
The digital certificate authentication system issues the first digital certificate after auditing the certificate request information, which specifically includes:
1) The digital certificate authentication system verifies whether the pre-stored user information and the certificate request information are consistent.
2) If they are consistent, the certificate request information and the signature algorithm are combined into the first digital certificate.
In this embodiment, because the certificate management system is local and is not networked with a third-party certificate authority, information transfer in this certificate management system is more secure.
In step S104, the first digital certificate is saved to the certificate database.
In step S105, key generation information is obtained, a key is generated, and the key is saved to the certificate database.
In this embodiment, the key is generated from the key generation information and is a private key. The key generation information includes the key name, the key length in bits and the key storage format. After the key is generated, it is saved to the corresponding key storage block in the certificate database.
In step S106, the first digital certificate and the key are extracted from the certificate database and imported into the UKEY device.
In this embodiment, the certificate management system includes a function for importing certificates into a UKEY device. Once the first digital certificate to be imported and the target UKEY device have been selected from the certificate database, the first digital certificate and the key can be imported directly into the UKEY device. Compared with the prior art, importing the certificate into the UKEY device in this way reduces the risk of information leakage and tampering during import and export.
As the above embodiment shows, certificate request information and a signature algorithm are obtained and sent to a local digital certificate authentication system. The first digital certificate issued by the digital certificate authentication system is obtained; the first digital certificate is issued after the digital certificate authentication system has audited the certificate request information, and is saved to the certificate database. Key generation information is obtained, a key is generated, and the key is saved to the certificate database. The first digital certificate and the key are extracted from the certificate database and imported into the UKEY device. The embodiments of the present invention integrate certificate generation, issuance and management and UKEY device management in a single certificate management system, with no third-party software required. This improves the security of certificate information, integrates the certificate management system with the UKEY device, and makes the certificate management system more compact and easier to operate, improving the user experience.
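The local issuance path of steps S101 to S103, as an added example in Go that is not code from the patent: a hypothetical in-memory CA audits the request against pre-stored user information and signs only on an exact match, using the signature algorithm the user selected. All type and function names, the algorithm allow-list and the sample user are constructed for illustration; unlike the step order above, the key pair is generated before issuance, because an X.509 certificate binds the subject's public key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Applicant is the certificate request information: DN fields, mailbox, key bits.
type Applicant struct {
	Country, Province, City, Org, Unit, Name, Email string
	KeyBits                                         int
}

// LocalCA is a hypothetical offline CA; Registered is the pre-stored user data.
type LocalCA struct {
	Cert       *x509.Certificate
	Key        *rsa.PrivateKey
	Registered map[string]Applicant // keyed by mailbox
}

// allowedAlgs is the assumed set of signature algorithms a user may select.
var allowedAlgs = map[string]x509.SignatureAlgorithm{
	"SHA256-RSA": x509.SHA256WithRSA,
	"SHA384-RSA": x509.SHA384WithRSA,
}

// sign issues tmpl for pub under parent/key and returns the parsed certificate.
func sign(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, key *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewUserKey generates an RSA private key with the requested size.
func NewUserKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// NewLocalCA creates a self-signed CA in memory and pre-stores the given users.
func NewLocalCA(users ...Applicant) (*LocalCA, error) {
	key, err := NewUserKey(2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "Example Local CA (constructed)"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(5, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	ca := &LocalCA{Cert: cert, Key: key, Registered: map[string]Applicant{}}
	for _, u := range users {
		ca.Registered[u.Email] = u
	}
	return ca, err
}

// Issue audits req against the pre-stored record and signs only on an exact match.
func (ca *LocalCA) Issue(req Applicant, pub *rsa.PublicKey, alg string) (*x509.Certificate, error) {
	sigAlg, ok := allowedAlgs[alg]
	if !ok {
		return nil, fmt.Errorf("signature algorithm %q is not allowed", alg)
	}
	if reg, known := ca.Registered[req.Email]; !known || reg != req || pub.N.BitLen() != req.KeyBits {
		return nil, fmt.Errorf("audit failed: request or key size differs from pre-stored information")
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 126))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: serial, SignatureAlgorithm: sigAlg,
		Subject: pkix.Name{Country: []string{req.Country}, Province: []string{req.Province},
			Locality: []string{req.City}, Organization: []string{req.Org},
			OrganizationalUnit: []string{req.Unit}, CommonName: req.Name},
		EmailAddresses: []string{req.Email}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0)}
	return sign(tmpl, ca.Cert, pub, ca.Key)
}

func main() {
	// Constructed sample user; every value here is illustrative.
	user := Applicant{"CN", "Hebei", "Shijiazhuang", "Example Co", "IT", "Test User", "user@example.com", 2048}
	ca, err := NewLocalCA(user)
	if err != nil {
		panic(err)
	}
	key, err := NewUserKey(user.KeyBits)
	if err != nil {
		panic(err)
	}
	cert, err := ca.Issue(user, &key.PublicKey, "SHA256-RSA")
	fmt.Println(cert != nil && cert.CheckSignatureFrom(ca.Cert) == nil, err)
}
```

A request whose fields differ in any way from the pre-stored record, or that names an algorithm outside the allow-list, is rejected before anything is signed.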
In one embodiment, obtaining the certificate request information and the signature algorithm selected by the user includes:
1) at the certificate request interface, obtaining the certificate request information entered by the user and saving the certificate request information to the certificate database;
2) at the certificate issuance interface, obtaining the signature algorithm selected by the user.
In one embodiment, obtaining the certificate request information and the signature algorithm selected by the user includes: obtaining the certificate request information entered by the user and the signature algorithm selected by the user directly at the certificate generation interface.
In this embodiment, when the first digital certificates issued by the certificate management system are used only within a small scope, for example when they are issued to users by a single company (unit) only and are not cross-certified with a third-party certificate authority, the certificate request information and the signature algorithm can be obtained directly at the certificate generation interface and passed to the digital certificate authentication system, which audits them and generates the first digital certificate. The certificate request information does not need to be saved.
As shown in Fig. 2, in one embodiment of the present invention, the method of step S106 in Fig. 1 specifically includes:
In step S201, when connection information for the UKEY device is detected, the login password information entered by the user is obtained;
In step S202, the login password information is checked against the pre-stored login password information to determine whether they are consistent;
In step S203, when the login password information is consistent with the pre-stored login password information, the first digital certificate and the key in the certificate database are selected and imported into the UKEY device.
In this embodiment, when connection information for the UKEY device is detected, the login password information is obtained first. On first use the login password information is a default password, which can be set to 123456. The login password information entered by the user is obtained and compared with the pre-stored login password information. If they are consistent, the UKEY management interface is displayed. The UKEY management interface includes a password management function, through which the login password information of the UKEY can be changed. The UKEY management interface also includes a UKEY certificate management function, which detects whether a digital certificate has already been written to the UKEY device. When it detects that no digital certificate has been written to the UKEY device, the first digital certificate and the key are selected from the certificate database and imported directly into the UKEY device.
In this embodiment, the certificate import function of the certificate management system imports the first digital certificate directly into the UKEY device. This avoids the cumbersome approach of exporting a first digital certificate file from the certificate management system and then importing that file into the UKEY device. It therefore both simplifies the procedure for importing a certificate into a UKEY device and, because no third-party software is needed, reduces the risk of leakage and tampering during information transfer, ensuring the security of the information transferred when the digital certificate is imported into the UKEY device.
In one embodiment, when connection information for the UKEY device is detected, the second digital certificate in the UKEY device is imported into the certificate database so that the second digital certificate in the UKEY device is backed up.
In this embodiment, when the local certificate database does not hold the second digital certificate of a given UKEY device, the second digital certificate of the UKEY device can be exported to the certificate database. When connection information for the UKEY device is detected, the login password information is verified. Once the login password information has been verified, the certificate management system displays the UKEY management interface. The UKEY certificate management function of the UKEY management interface further provides that, when an import-certificate instruction is received, the certificate management system pops up the UKEY device list interface, the second digital certificate of the UKEY device is selected, and the second digital certificate is imported into the certificate database of the certificate management system, so that the certificate database holds a backup of the second digital certificate.
As this embodiment shows, the certificate management system provided by the embodiments of the present invention implements the management function for UKEY devices and can directly import the second digital certificate from the UKEY device, which makes backing up the second digital certificate simpler and more convenient.
In one embodiment, after step S101, the embodiment of the present invention further includes:
exporting the certificate request information to generate a certificate request file, where the certificate request file is used to instruct a third-party certificate authority to issue a third-party digital certificate.
In this embodiment, the certificate request information is exported to generate a certificate request file, which is then sent to a third-party certificate authority. The third-party certificate authority issues a third-party digital certificate, which makes secure communication possible between a user under one certificate authority and a user under another certificate authority.
In one embodiment, obtaining the certificate request information includes obtaining certificate request information entered by the user; alternatively, obtaining the certificate request information includes obtaining certificate request information imported from a third-party certificate request file.
In this embodiment, importing certificate request information from, or exporting it to, a third-party certificate authority by the above methods enables interaction with the third-party certificate authority, which makes secure communication possible between a user under one certificate authority and a user under another certificate authority.
In one embodiment of the present invention, the certificate management system further includes importing PKCS#12 (Public-Key Cryptography Standards #12) digital certificates. PKCS#12 is an exchange standard format, used mainly to transport, back up and restore digital certificates and their associated public or private keys in a public-key cryptosystem. PKCS#12 is an export format, commonly used to export a digital certificate together with its private key, because exporting a user's private key by a method with almost no security creates a security risk. PKCS#12 is used to export digital certificates to other computers, to removable media for backup, or to smart cards to enable smart-card authentication schemes.
In one embodiment of the present invention, PKCS#12 digital certificates can be imported into the certificate database, and PKCS#12 digital certificates in the certificate database can also be exported to a UKEY device, with no third-party software required, which makes the transfer process more secure.
In one embodiment of the present invention, the certificate management system further includes a certificate revocation management interface. The certificate revocation management interface is used to declare, before the normal expiry of a digital certificate saved in the certificate database (including first digital certificates and second digital certificates), that the user's permission to use that digital certificate is cancelled. When a certificate revocation command is received, the certificate revocation management interface displays the digital certificate and the corresponding reason for revocation, for example: key compromise, CA compromise, change of affiliation, supersession, or termination of business. After a revoked digital certificate expires, its entry is deleted from the certificate revocation management interface to reduce the size of the list in the certificate revocation management interface.
In this embodiment, the certificate management method based on a UKEY device allows the certificate management system to integrate digital certificate generation and issuance, key generation, certificate management and UKEY device management. Digital certificates are issued by the local digital certificate authentication system, and digital certificates can be imported and exported directly with no third-party software required. In addition, this certificate management system does not need to be installed, is small, and can be used as soon as it is copied, which is convenient for the user.
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Embodiment 2:
As shown in figure 3, a kind of certificate management system 100 based on UKEY equipment that one embodiment of the present of invention provides, For performing the method and step in the embodiment corresponding to Fig. 1, including:
Data obtaining module 110, for obtaining the signature algorithm of certificate request information and user's selection.
Information sending module 120, for certificate request information and signature algorithm to be sent to local digital certificate authentication System.
Digital certificate acquisition module 130, for obtaining the first digital certificate that digital certificate authentication system signs and issues generation, the What one digital certificate was signed and issued after being audited for digital certificate authentication system to certificate application information, the first digital certificate packet Include certificate request information and signature algorithm.
Certificate preserving module 140, for the first digital certificate to be saved in certificate database.
Key production module 150, for obtaining key generation information, generating a key, and saving the key to the certificate database.
Certificate information import module 160, for extracting the first digital certificate and the key from the certificate database and importing them into the UKEY equipment.
As the above embodiment shows, the certificate request information and the signature algorithm are obtained and sent to the local digital certificate authentication system. The first digital certificate issued by the digital certificate authentication system is obtained, the first digital certificate being issued after the digital certificate authentication system audits the certificate request information, and the first digital certificate is saved to the certificate database. Key generation information is obtained, a key is generated, and the key is saved to the certificate database. The first digital certificate and the key are extracted from the certificate database and imported into the UKEY equipment. Through a single certificate management system, the embodiment of the present invention integrates the generation, issuance and management of certificates with UKEY equipment management. This improves the security of certificate information, integrates the certificate management system with the UKEY equipment, and makes the certificate management system more compact and easier to operate, which improves the user experience.
As shown in Fig. 4, in one embodiment of the invention, the certificate information import module 160 in the embodiment corresponding to Fig. 4 further includes a structure for performing the method steps in the embodiment corresponding to Fig. 2, including:
Login password information acquisition unit 161, for obtaining the login password information entered by the user when access information of the UKEY equipment is detected;
Password information checking unit 162, for checking whether the login password information is consistent with the pre-stored login password information;
Certificate information import unit 163, for selecting the digital certificate and the key in the certificate database and importing them into the UKEY equipment when the login password information is consistent with the pre-stored login password information.
In this embodiment, the certificate import function of the certificate management system allows the first digital certificate to be imported directly into the UKEY equipment. This avoids the cumbersome approach of exporting a digital certificate file from the certificate management system and then importing that file into the UKEY equipment. It simplifies the process of importing a certificate into the UKEY equipment and, because no third-party software is needed, ensures the security of information transmission when the digital certificate is imported into the UKEY equipment.
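One way to implement the password check performed by units 161 to 163 before anything is written to the token, as an added example that is not code from the patent. It assumes the pre-stored login password information is kept as a salted PBKDF2 digest and that repeated failures lock the import; the class, the function and the dicts standing in for the certificate database and the UKEY equipment are hypothetical, and the sample records are constructed.

```python
import hashlib
import hmac
import os


class ImportGate:
    """Holds the pre-stored login password as a salted PBKDF2 digest (assumption)."""
    MAX_FAILURES = 3
    ITERATIONS = 200_000

    def __init__(self, password):
        self._salt = os.urandom(16)
        self._digest = self._derive(password)
        self._failures = 0

    def _derive(self, password):
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), self._salt, self.ITERATIONS)

    @property
    def locked(self):
        return self._failures >= self.MAX_FAILURES

    def verify(self, password):
        if self.locked:
            return False
        # Constant-time comparison of digests, not of the passwords themselves.
        ok = hmac.compare_digest(self._derive(password), self._digest)
        self._failures = 0 if ok else self._failures + 1
        return ok


def import_to_ukey(gate, password, cert_db, ukey, label):
    """Copy one certificate/key record into the token only after the check passes.

    cert_db and ukey are plain dicts standing in for the certificate database
    and the UKEY equipment; a real token is written through vendor middleware.
    """
    if gate.locked:
        return "locked"
    if not gate.verify(password):
        return "locked" if gate.locked else "denied"
    record = cert_db.get(label)
    if record is None:
        return "not-found"
    ukey[label] = dict(record)  # copy, so later database edits do not alias
    return "imported"


def demo():
    """Constructed records; one wrong attempt, one success, then a lockout."""
    cert_db = {"first": {"cert": b"constructed DER bytes",
                         "key": b"constructed key bytes"}}
    ukey = {}
    gate = ImportGate("correct horse")
    results = [import_to_ukey(gate, "wrong", cert_db, ukey, "first")]
    results.append(import_to_ukey(gate, "correct horse", cert_db, ukey, "first"))
    results += [import_to_ukey(gate, "wrong", cert_db, ukey, "first")
                for _ in range(3)]
    results.append(import_to_ukey(gate, "correct horse", cert_db, ukey, "first"))
    return results, sorted(ukey)


if __name__ == "__main__":
    print(demo())
```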
In one embodiment, certificate management system 100 provided in an embodiment of the present invention further includes:
Digital certificate export module, for exporting the second digital certificate in the UKEY equipment to the certificate database when access information of the UKEY equipment is detected, so as to back up the second digital certificate in the UKEY equipment.
As the above embodiment shows, the certificate management system provided by the embodiment of the present invention can perform management functions for the UKEY equipment and can directly import the second digital certificate held in the UKEY equipment, which makes backing up the second digital certificate simpler and more convenient.
In one embodiment, after the data obtaining module 110, the certificate management system 100 provided by the embodiment of the present invention further includes:
Certificate request file generation module, for exporting the certificate request information and generating a certificate request file, the certificate request file being used to instruct a third-party certificate authentication center to issue a third-party digital certificate.
As the above embodiment shows, exporting the certificate request information to a third-party certificate authentication center enables interaction with that center, which makes secure communication possible between a user under one certificate authentication center and a user under another certificate authentication center.
Embodiment 3:
The embodiment of the present invention further provides a terminal device 5, including a processor 50, a memory 51, and a computer program 52 stored in the memory 51 and executable on the processor. When executing the computer program 52, the processor 50 implements the steps of the embodiments described in Embodiment 1 above, for example steps S101 to S106 shown in Fig. 1. Alternatively, when executing the computer program 52, the processor 50 implements the functions of the modules in the device embodiments described in Embodiment 2 above, for example the functions of modules 110 to 160 shown in Fig. 3.
The terminal device 5 may be a computing device such as a desktop computer, a notebook, a palmtop computer, or a cloud server. The terminal device 5 may include, but is not limited to, a processor and a memory. For example, the terminal device may also include input/output devices, network access devices, a bus, and the like.
The processor 50 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. The general-purpose processor may be a microprocessor or any conventional processor.
The memory 51 may be an internal storage unit of the terminal device 5, such as a hard disk or memory of the terminal device 5. The memory 51 may also be an external storage device of the terminal device 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card fitted to the terminal device 5. Further, the memory may include both an internal storage unit of the terminal device and an external storage device. The memory is used to store the computer program and the other programs and data required by the terminal device. The memory may also be used to temporarily store data that has been output or is about to be output.
Embodiment 4:
The embodiment of the present invention further provides a computer-readable storage medium storing a computer program 52. When the computer program 52 is executed by the processor 50, the steps of the embodiments described in Embodiment 1 above are implemented, for example steps S101 to S106 shown in Fig. 1. Alternatively, when the computer program 52 is executed by the processor, the functions of the modules in the device embodiments described in Embodiment 2 are implemented, for example the functions of modules 110 to 160 shown in Fig. 3.
The computer program 52 may be stored in a computer-readable storage medium, and when executed by the processor 50 it can implement the steps of the method embodiments above. The computer program 52 includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and the like. It should be noted that the content covered by the computer-readable medium may be increased or decreased as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The steps in the embodiment of the present invention can be sequentially adjusted, merged and deleted according to actual needs.
Module or unit in system of the embodiment of the present invention can be combined, divided and deleted according to actual needs.
The above are merely preferred embodiments of the present invention and are not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A certificate management method based on UKEY equipment, characterized by including:
Obtaining certificate request information and a signature algorithm selected by a user;
Sending the certificate request information and the signature algorithm to a local digital certificate authentication system;
Obtaining a first digital certificate issued by the digital certificate authentication system, the first digital certificate being issued by the digital certificate authentication system after auditing the certificate request information, and the first digital certificate including the certificate request information and the signature algorithm;
Saving the first digital certificate to a certificate database;
Obtaining key generation information, generating a key, and saving the key to the certificate database;
Extracting the first digital certificate and the key from the certificate database and importing them into the UKEY equipment.
2. The certificate management method based on UKEY equipment according to claim 1, characterized in that extracting the digital certificate and the key from the certificate database and importing them into the UKEY equipment includes:
Obtaining the login password information entered by the user when access information of the UKEY equipment is detected;
Checking whether the login password information is consistent with pre-stored login password information;
When the login password information is consistent with the pre-stored login password information, selecting the first digital certificate and the key in the certificate database and importing them into the UKEY equipment.
3. The certificate management method based on UKEY equipment according to claim 1, characterized by further including:
When access information of the UKEY equipment is detected, exporting a second digital certificate in the UKEY equipment to the certificate database, so as to back up the second digital certificate in the UKEY equipment.
4. The certificate management method based on UKEY equipment according to claim 1, characterized in that, after obtaining the certificate request information and the signature algorithm selected by the user, the method further includes:
Exporting the certificate request information and generating a certificate request file, the certificate request file being used to instruct a third-party certificate authentication center to issue a third-party digital certificate.
5. The certificate management method based on UKEY equipment according to claim 1, characterized in that obtaining the certificate request information includes obtaining certificate request information entered by the user; or,
obtaining the certificate request information includes obtaining certificate request information imported from a third-party certificate request file.
6. A certificate management system based on UKEY equipment, characterized by including:
Data obtaining module, for obtaining certificate request information and a signature algorithm selected by a user;
Information sending module, for sending the certificate request information and the signature algorithm to a local digital certificate authentication system;
Digital certificate acquisition module, for obtaining a first digital certificate issued by the digital certificate authentication system, the first digital certificate being issued by the digital certificate authentication system after auditing the certificate request information, and the first digital certificate including the certificate request information and the signature algorithm;
Certificate preserving module, for saving the first digital certificate to a certificate database;
Key production module, for obtaining key generation information, generating a key, and saving the key to the certificate database;
Certificate information import module, for extracting the first digital certificate and the key from the certificate database and importing them into the UKEY equipment.
7. The certificate management system based on UKEY equipment according to claim 1, characterized in that the certificate information import module specifically includes:
Login password information acquisition unit, for obtaining the login password information entered by the user when access information of the UKEY equipment is detected;
Password information checking unit, for checking whether the login password information is consistent with pre-stored login password information;
Certificate information import unit, for selecting the digital certificate and the key in the certificate database and importing them into the UKEY equipment when the login password information is consistent with the pre-stored login password information.
8. The certificate management system based on UKEY equipment according to claim 1, characterized by further including:
Digital certificate export module, for exporting a second digital certificate in the UKEY equipment to the certificate database when access information of the UKEY equipment is detected, so as to back up the second digital certificate in the UKEY equipment.
9. A terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the steps of the certificate management method according to any one of claims 1 to 5.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the certificate management method according to any one of claims 1 to 5.
CN201711364824.7A 2017-12-18 2017-12-18 Certificate management method and system based on UKEY equipment and terminal equipment Active CN108173659B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711364824.7A CN108173659B (en) 2017-12-18 2017-12-18 Certificate management method and system based on UKEY equipment and terminal equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711364824.7A CN108173659B (en) 2017-12-18 2017-12-18 Certificate management method and system based on UKEY equipment and terminal equipment

Publications (2)

Publication Number Publication Date
CN108173659A true CN108173659A (en) 2018-06-15
CN108173659B CN108173659B (en) 2020-11-10

Family

ID=62522347

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711364824.7A Active CN108173659B (en) 2017-12-18 2017-12-18 Certificate management method and system based on UKEY equipment and terminal equipment

Country Status (1)

Country Link
CN (1) CN108173659B (en)


Also Published As

Publication number Publication date
CN108173659B (en) 2020-11-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant